Spyware Vendor’s Pall Mall Claims Trigger Civil Society Backlash
Published
Key Takeaways
- Reputation Whitewashing: Civil society groups accuse NSO Group of using the Pall Mall Process to rehabilitate its image.
- Diplomatic Rejection: Officials clarified that NSO Group was not invited and that submitting a consultation response does not imply endorsement or compliance.
- Ongoing Abuses: Amnesty International recently confirmed that NSO’s Pegasus spyware was used to target Serbian journalists as recently as February 2025.
Civil society organizations have issued strong warnings about NSO Group's recent efforts to align with the Pall Mall Process, a diplomatic initiative to regulate commercial cyber intrusion capabilities. The Pall Mall Process controversy intensified after NSO released a transparency report touting its contribution to the framework.
Critics argue that the spyware vendor is attempting to "whitewash" its reputation while continuing to sell Pegasus spyware to authoritarian regimes known for human rights violations.
Pegasus Human Rights Abuses Continue Unchecked
The core of the criticism centers on persistent Pegasus-related human rights abuses. NSO's transparency report was released on January 7, while in February 2025, Amnesty International revealed that Pegasus was used to target two journalists in Serbia.
Experts from The Citizen Lab and Access Now emphasize that despite NSO's claims of having a human rights compliance program, there is little evidence of tangible reform or accountability.
This incident adds to a long list of documented abuses, including the targeting of the late journalist Jamal Khashoggi's associates. While NSO Group claims in the report to operate under "stringent export licensing requirements," it has notably failed to provide transparency into which clients it has dropped for misuse.
Challenges in Global Spyware Regulation
Officials from France and the U.K., who lead the Pall Mall Process, have stated that NSO's unsolicited submission does not constitute participation in the initiative or validation of its practices.
However, experts warn that, without strict exclusion criteria, "mercenary spyware" vendors may exploit open consultation models to feign legitimacy. Civil society leaders are calling for clear mechanisms to disqualify vendors with poor human rights records from shaping the governance frameworks intended to police them.
Reports in April 2025 said more than 1,200 WhatsApp users in 51 countries were targeted by the Pegasus spyware, a case that revealed Mexico, Saudi Arabia, and Uzbekistan as NSO Group's government clients.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular